Report: ransomware is the most disruptive cybercrime in Canada
The Weather Network and MétéoMédia still can't send weather alerts through push notifications from its app following a "malicious cyberattack" on Monday.
But Pelmorex, the parent company of the two weather services, says the attack is not affecting the Alert Ready system it runs to send emergency notifications to cellphones when dangerous weather is imminent.
On Sept. 11, the attack took down at least part of the The Weather Network and the two websites are still not providing full weather data four days later.
The sites have restored the current temperature and forecast data, but other information such as whether it's sunny, cloudy or raining right now, are missing.
Karen Kheder, Pelmorex's director of communications, says the attack is also preventing the company from sending its own weather alerts through push notifications to app users.
However, she says the Alert Ready system, which Pelmorex runs for federal and provincial governments, uses separate technical infrastructure and alerts through it are sent without any problems.
Alert Ready issues emergency warnings to mobile phones, as well as on radio and television stations, when a tornado or major thunderstorm is imminent.
“Pelmorex Corp. is working tirelessly to restore our services to Canadians after experiencing a recent malicious cyberattack," Kheder said in a written statement sent to The Canadian Press.
"This cyberattack has affected The Weather Network and MétéoMédia weather data systems only. Some services are already up and running and Canadians can also expect to see a steady restoration of more services and weather information."
Pelmorex said earlier this week the attack was a "cybersecurity incident connected to a third-party software provider" but has not explained more about it, including the name of that provider or the type of attack.
Pelmorex said it had alerted the appropriate authorities about the attack.
A statement issued by the office of Emergency Preparedness Minister Harjit Sajjan Thursday said the government was aware of the cybersecurity attack and that Alert Ready was unaffected.
"Pelmorex confirms Alert Ready capabilities are currently not impacted and continue to work as intended," the statement reads.
The Pelmorex attack is the latest in a string of cybersecurity incidents hitting Canadian companies and government departments and agencies in recent years.
In February, book retailer Indigo was hit with an attack that cost the company millions of dollars in lost sales as it was unable to process debit and credit card transactions for several days, and couldn't sell anything off its website for weeks.
In April, Russian hackers claimed credit for launching an attack on a number of Canadian agencies including the Prime Minister's Office, the Port of Halifax and Pearson International Airport.
In 2021, Rideau Hall was hit by a "sophisticated cyber incident" that meant someone got unauthorized access to Rideau Hall's internal computer systems.
Last month, a report issued by the Canadian Centre for Cyber Security warned that organized cybercrime, based heavily in Russia and to a lesser extent Iran, will "very likely pose a threat to Canada's national security and economic prosperity over the next two years."
"We assess that over the next two years, financially motivated cybercriminals will almost certainly continue to target high-value organizations in critical infrastructure sectors in Canada and around the world," the centre's website says.
The government has legislation before the House of Commons that would force some banking and telecommunications companies to improve their cybersecurity, but the bill is awaiting a review by the national security committee.
This report by The Canadian Press was first published Sept. 15, 2023.